Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Throughout this blog, we often write about both FedRAMP and CMMC as cybersecurity frameworks applied to the federal government and its contractors. These frameworks share a lot of the same DNA stemming from the same resources, and they share the same goal of making the federal government more secure. One significant question you may have, though, is one of practicality. Do CMMC and FedRAMP have reciprocity?

To say that the actions of the Trump administration are having an impact on cybersecurity is an understatement. Executive orders are an important and useful tool that have been used by many presidents for the good of the country – and sometimes for other ends – and some recent executive orders have been aimed at establishing and improving the cybersecurity of the country. Meanwhile, others have, to put it lightly, the opposite impact.

When it comes to overall productivity platforms, collaboration tools, and office suites, the two biggest options dominating the market are the Google G Suite and Microsoft’s Office ecosystem. Whether it’s word processing, team collaboration, IT frameworks, device management, or the entire infrastructure of a business, there’s a pretty good chance one of these two options is going to power the way you operate.

A lot goes into protecting the information security of the nation. The National Institute of Standards and Technology, NIST, maintains a list of security controls under the banner of NIST SP 800-53, Security and Privacy Controls for Information Systems and Organizations. Meanwhile, the Federal Risk and Authorization Management Program, or FedRAMP, sets up a framework that makes those security controls apply to governmental agencies and the third-party cloud service providers that work with them.